exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html | Mailing List Third Party Advisory |
https://access.redhat.com/errata/RHSA-2020:0514 | Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch Third Party Advisory |
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200114-0001/ | Third Party Advisory |
https://usn.ubuntu.com/4298-1/ | Broken Link |
https://www.debian.org/security/2020/dsa-4638 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
15 Apr 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References | (UBUNTU) https://usn.ubuntu.com/4298-1/ - Broken Link | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0514 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200114-0001/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4638 - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html - Mailing List, Third Party Advisory | |
First Time |
Opensuse backports Sle
Debian debian Linux Siemens Redhat enterprise Linux Desktop Redhat enterprise Linux Server Oracle Oracle mysql Workbench Suse linux Enterprise Netapp Netapp cloud Backup Siemens sinec Infrastructure Network Services Suse Debian Suse package Hub Opensuse leap Redhat enterprise Linux Workstation Opensuse Redhat |
|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:* cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-12-18 06:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19880
Mitre link : CVE-2019-19880
CVE.ORG link : CVE-2019-19880
JSON object : View
Products Affected
suse
- package_hub
- linux_enterprise
redhat
- enterprise_linux_server
- enterprise_linux_desktop
- enterprise_linux_workstation
oracle
- mysql_workbench
debian
- debian_linux
netapp
- cloud_backup
opensuse
- leap
- backports_sle
siemens
- sinec_infrastructure_network_services
sqlite
- sqlite
CWE
CWE-476
NULL Pointer Dereference